From e1abd519eef73e4b254ff081ddee85402cb08661 Mon Sep 17 00:00:00 2001
From: Vasiliy Vasilyuk <xorcare@gmail.com>
Date: Sun, 22 Oct 2023 10:32:28 +0300
Subject: [PATCH] Add additional security options for Homebrew cask

See https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/138
---
 home/.exports | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/home/.exports b/home/.exports
index eb4df3d..fbce942 100644
--- a/home/.exports
+++ b/home/.exports
@@ -85,5 +85,11 @@ export GOTELEMETRY=off
 # Prevent Homebrew from collecting analytics.
 export HOMEBREW_NO_ANALYTICS=1
 
+# Forbid redirects from secure HTTPS to insecure HTTP.
+export HOMEBREW_NO_INSECURE_REDIRECT=1
+
+# Require all casks to have a checksum
+export HOMEBREW_CASK_OPTS="--require-sha"
+
 # Means an ohmyzsh installer will not replace an existing .zshrc (default: no)
 export KEEP_ZSHRC=yes